PT-2024-46: Insecure storage of MasterSCADA 4D project password in fdb file

HIGH

(7.0) CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N

THREATSCAPE

Analytics articles

What are the security threats on your network?

Check your traffic-for free

Request pilot

Vulnerability type:
CWE-620:Unverified Password Change

Vulnerability vector:

Base vulnerability score (CVSSv3.1): CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
Severity (CVSSv3.1): 7.3 (high)
Base vulnerability score (CVSSv4.0): CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N
Severity (CVSSv4.0): 7.0 (high)

Description:

The vulnerability was identified in MasterSCADA 4D (v.1.12.16.27525).

The vulnerability can be exploited by an attacker to gain unauthorized access to a SCADA project by authorizing with a known password. An attacker, having gained access to the project's fdb file, will be able to replace the project password with a pre-prepared one.

Vulnerability status: Confirmed by vendor

Date of vulnerability remediation: 06.09.2022

Recommendations:

Update to version 1.2.18

Additional information: Security advisory

Researcher: Aynur Akchurin (Positive Technologies)

Identifier:

BDU:2024-06549

Vendor:

MPS SOFT

Vulnerable product:

MasterSCADA 4D

Vulnerable version:

1.12.16.27525

Get in touch

Fill in the form and our specialists
will contact you shortly

General
questions

We're happy to answer any questions you may have.

Partnership

Join us in making the world a safer place.

Request a pilot

Test drive our solutions with a customized pilot program.

PT-2024-46: Insecure storage of MasterSCADA 4D project password in fdb file

Analytics articles

What are the security threats on your network?

Vulnerability type:CWE-620:Unverified Password Change

Get in touch

Vulnerability type:
CWE-620:Unverified Password Change